North Korea Link Suspected in Taiwan Bank Cyberheist
October 17 2017 - 8:44AM
Dow Jones News
By Dan Strumpf
HONG KONG--A North Korea-linked cybercrime ring suspected of
raiding Bangladesh's central bank last year was likely responsible
for the recent theft of $60 million from a Taiwanese bank,
cybersecurity researchers say.
The ring, called the Lazarus group, has been implicated in an
$81 million theft from the central bank of Bangladesh, as well as
the disruptive WannaCry ransomware attack earlier this year and the
2014 hack of Sony Pictures Entertainment.
In a blog post Tuesday, cybersecurity researchers at U.K.
defense company BAE Systems PLC also implicated Lazarus in the
Taiwanese theft, saying that tools used in the attack on the Far
Eastern International Bank include those used by Lazarus in the
past.
"The attack this month on Taiwanese Far Eastern International
Bank has some of the hallmarks of the Lazarus group," BAE
researchers wrote.
The suspected ties to Lazarus suggest the group's continued
focus on financial cybercrimes. In addition to the Bangladesh Bank
theft, the BAE researchers said the group has been targeting
bitcoin and is behind attacks on banks in Mexico and Poland.
Security researchers suspect the group has links to North Korea.
U.S. authorities have said that one hack also linked to
Lazarus--the 2014 Sony Pictures hack--originated in North Korea.
The country has denied being behind the attack.
The BAE researchers said they found further evidence of the
group's North Korea links, saying they observed infrastructure in
North Korea controlling the malware used in a previous
Lazarus-linked attack. Representatives at North Korea's Beijing
embassy and Hong Kong consulate weren't immediately available for
comment.
The post sheds further light on the breach of the Taipei-based
Far Eastern International Bank. The breach resulted in the transfer
of funds to accounts in Sri Lanka, the U.S. and Cambodia after the
perpetrators penetrated the bank's access to the
financial-messaging service known as the Society for Worldwide
Interbank Financial Telecommunication, or Swift.
Other cyberattacks in the past year have penetrated banks'
access to Swift, including the Bangladesh Bank theft.
In a statement, Swift said: "We have no indication that our
network and core messaging services have been compromised."
Sri Lankan authorities arrested two people suspected in the
theft, Taiwanese state media reported last week, with one of the
individuals caught after trying to withdraw the equivalent of about
$520,000. A representative from the Far Eastern International Bank
didn't immediately respond to a request for comment.
The BAE researchers said they found a number of clues
implicating Lazarus in the Taiwanese breach. Among them was the use
of accounts in Sri Lanka and Cambodia as destinations for the
stolen funds, as well as the use of malware previously used in
Lazarus attacks on banks in Poland and Mexico.
While the group has succeeded in penetrating financial
institutions, it still has trouble making off with its plunder, the
BAE researchers said. They said payments are often quickly reversed
after they are uncovered.
"The group may be trying new tricks to disrupt victims and delay
their ability to respond," the researchers said, including
"different message formats, and the deployment of ransomware across
the victim's network as a smokescreen for their other
activity."
Security researchers have linked Lazarus to the WannaCry attack,
a ransomware assault that began in May and affected more than
200,000 computers in more than 100 countries. The attack exploited
Windows systems lacking up-to-date security patches.
In the Bangladesh central-bank breach, the group was suspected
of stealing $81 million from the Bangladesh Bank's account at the
Federal Reserve Bank of New York last year after initiating
fraudulent orders asking for nearly $1 billion.
Write to Dan Strumpf at daniel.strumpf@wsj.com
(END) Dow Jones Newswires
October 17, 2017 09:29 ET (13:29 GMT)
Copyright (c) 2017 Dow Jones & Company, Inc.